§1 Field of the Invention
The present invention concerns authenticating a user. More specifically, the present invention concerns authenticating a user using input from a multi-touch device.
§2 Background Information
With the growing popularity of mobile computing devices and their use for activities such as banking and other transactions that require security, protecting user credentials on mobile devices is becoming increasingly important.
Current applications typically maintain the privacy of users' sensitive data by authenticating a user each time they log in. Most mobile devices today use traditional text-based password schemes to authenticate a user. Unfortunately, users have been known to choose weak passwords. (See, e.g., Jain, A., Ross, A., and Pankanti, S., “Biometrics: A Tool for Information Security,” IEEE Transactions on Information Forensics and Security, Vol. 1, pp. 125-143 (June 2006), incorporated herein by reference.) This is especially true with touch devices, which are extremely popular. One study has shown that the speed of typing on flat glass, which is used in touch devices, is 31% slower than typing on a physical keyboard. (See, e.g., Findlater, L., Wobbrock, J. O., and Wigdor, D., “Typing on Flat Glass: Examining Ten-Finger Expert Typing Patterns on Touch Surfaces,” Proceedings of the 2011 Annual Conference on Human Factors in Computing Systems, CHI '11, ACM (New York, N.Y., USA, 2011), pp. 2453-2462, incorporated herein by reference.) Some believe that this has led to users choosing shorter passwords on touch devices to shorten their log-in time.
More generally, text passwords have been known to impose a cognitive burden on users that results in selection of weak passwords. (See, e.g., Wiedenbeck, S., Waters, J., Birget, J.-C., Brodskiy, A., and Memon, N., “Passpoints: Design and Longitudinal Evaluation of a Graphical Password System,” International Journal of Human-Computer Studies, No. 1-2, pp. 102-127 (2005), and Denning, T., Bowers, K., van Dijk, M., and Juels, A., “Exploring Implicit Memory for Painless Password Recovery,” Proceedings of the 2011 Annual Conference on Human Factors in Computing Systems, CHI '11, ACM (New York, N.Y., USA, 2011), pp. 2615-2618, both incorporated herein by reference.) To tackle this problem, in 1996, Blonder first proposed graphical passwords based on a memory study (See Calkins, M. W., “Short Studies in Memory and in Association from the Wellesley College Psychological Laboratory,” Psychological Review, Vol. 5(5), pp. 2453-2462 (ACM, New York, N.Y., USA, September 1998), incorporated herein by reference.) that showed human memory for visual words is stronger than for pronounced words. Blonder's graphical passwords were later improved by Passpoints (See, e.g., Wiedenbeck, S., Waters, J., Birget, J.-C., Brodskiy, A., and Memon, N., “Passpoints: Design and Longitudinal Evaluation of a Graphical Password System,” International Journal of Human-Computer Studies, No. 1-2, pp. 102-127 (2005).) and Cued Click Points (See, e.g., Chiasson, S., van Oorschot, P., and Biddle, R., “Graphical Password Authentication Using Cued Click Points,” Computer Security ESORICS 2007, Vol. 4734 of Lecture Notes in Computer Science, Springer Berlin/Heidelberg (2007), incorporated herein by reference.). Passfaces is another example of a visual-memory-based authentication scheme, in which users are asked to repeatedly pick faces out of those presented. (See, e.g., http://www.passfaces.com/pfphelp/logon.htm, incorporated herein by reference.)
Draw-a-Secret is a graphical password that is a simple secret picture drawn on a grid. (See, e.g., Dunphy, P., and Yan, J., “Do Background Images improve ‘Draw a Secret’ Graphical Passwords?,” Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS '07, pp. 36-47 (ACM, New York, N.Y., USA, 2007), incorporated herein by reference.) In 2010, a touch-screen authentication scheme, similar to Passpoints, which required users to sequentially tap on pre-selected images to input their password was proposed. (See, e.g., Jonathan Citty, D. R. H., “Tapi: Touch-Screen Authentication Using Partitioned Images,” ELON UNIVERSITY TECHNICAL REPORT 2010-1, pp. 1-6 (2010), incorporated herein by reference.)
Unfortunately, the foregoing graphical password schemes are susceptible to a “shoulder surfing attack” (where an unauthorized user observes entry of the pattern by the authorized user), since their entry can potentially be observed by an attacker. (See, e.g., Kim, D., Dunphy, P., Briggs, P., Hook, J., Nicholson, J., Nicholson, J., and Olivier, P., “Multi-touch Authentication on Tabletops,” Proceedings of the 28th International Conference on Human Factors in Computing Systems, CHI '10, ACM, pp. 1093-1102 (New York, N.Y., USA, 2010), incorporated herein by reference.)
Touch and multi-touch technologies enable new authentication techniques other than text passwords. One example is the touch-based password scheme called “Pattern Lock” implemented in the Android OS. (See, e.g., Shabtai, A., Fledel, Y., Kanonov, U., Elovici, Y., Dolev, S., and Glezer, C., “Google Android: A Comprehensive Security Assessment,” IEEE Security & Privacy, Vol. 8, No. 2, pp. 35-44 (March-April 2010), incorporated herein by reference.) With Pattern Lock, the password is a pattern or sequence of dots connected by lines drawn by a user to gain access to the system. However, Pattern Lock has some disadvantages. First, passwords created using Pattern Lock generally have low entropy. (See, e.g., http://beust.com/weblog2/archives/000497.html, incorporated herein by reference.) Second, a pattern sketched by a user's finger in Pattern Lock has been shown to be vulnerable to disclosure based on the traces left on the touch screen by finger oils. (See, e.g., http://techcrunch.com/2008/10/12/androids-login-is-cool-but-is-it-secure/, incorporated herein by reference.) Third, Pattern Lock does not protect against so-called “shoulder surfing” attacks, since these pattern-based passwords generally do not contain biometric information specific to the authorized user. (See, e.g., Kim, D., Dunphy, P., Briggs, P., Hook, J., Nicholson, J., Nicholson, J., and Olivier, P., “Multi-touch Authentication on Tabletops,” Proceedings of the 28th International Conference on Human Factors in Computing Systems, CHI '10, pp. 1093-1102 (ACM, New York, N.Y., USA, 2010), and Wiedenbeck, S., Waters, J., Birget, J.-C., Brodskiy, A., and Memon, N., “Passpoints: Design and Longitudinal Evaluation of a Graphical Password System,” International Journal of Human-Computer Studies, No. 1-2, pp. 102-127 (2005), both incorporated herein by reference.)
Finally, Pattern Lock does not exploit the full capabilities of the newer multi-touch interfaces emerging in tablets and touch pads where a user can use multiple fingertips to interact with the device. (See, e.g., Wang, F., and Ren, X., “Empirical Evaluation for Finger Input Properties in Multi-Touch Interaction,” Proceedings of the 27th International Conference on Human Factors in Computing Systems, CHI '09, pp. 1063-1072 (ACM, New York, N.Y., USA, 2009), incorporated herein by reference.)
Many alternative approaches have been proposed to tackle the problem of shoulder surfing attacks. For example, in 2004, a PIN-based challenge-response approach was proposed. (See, e.g., Roth, V., Richter, K., and Freidinger, R., “A Pin-Entry Method Resilient Against Shoulder Surfing,” Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS '04, pp. 236-245 (ACM, New York, N.Y., USA, 2004), incorporated herein by reference.) Under this example approach, to enter one digit, the user repeatedly chooses the color of the focus digit shown on the screen (either black or white). In another example, a graphical challenge response scheme was proposed. (See, e.g., Wiedenbeck, S., Waters, J., Sobrado, L., and Birget, J.-C., “Design and Evaluation of a Shoulder-Surfing Resistant Graphical Password Scheme,” Proceedings of the Working Conference on Advanced Visual Interfaces, AVI '06, pp. 177-184 (ACM, New York, N.Y., USA, 2006), incorporated herein by reference.) In this other example, given a convex hull generated by the preselected icons, the user clicks on any icon that appears inside that convex hull and the process is repeated multiple times. Recently, a pressure-based authentication scheme was proposed to reduce the visibility of the secret to an attacker. (See, e.g., Kim, D., Dunphy, P., Briggs, P., Hook, J., Nicholson, J., Nicholson, J., and Olivier, P., “Multi-Touch Authentication on Tabletops,” Proceedings of the 28th International Conference on Human Factors in Computing Systems, CHI '10, pp. 1093-1102 (ACM, New York, N.Y., USA, 2010), incorporated herein by reference.) The idea behind this pressure-based authentication scheme is to confuse or “blind” an attacker by placing fingertips simultaneously in different zones. The user then communicates with the device by increasing the pressure on the fingertip located in a specific zone to select an object.
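The following is an added illustration, not code from the patent or from the cited authors, of how the graphical challenge-response scheme described above can be checked by the verifier: the device lays out icons, the user's pre-selected icons define a convex hull, and the user must click an icon lying inside that hull in each of several rounds with a freshly shuffled layout. The icon names, grid positions, round count and the re-rolling of collinear layouts are constructed assumptions for this example.

```python
"""Toy model of a convex-hull graphical challenge-response login.

Added example; it is not the patent's own method nor the cited paper's code.
Icon names, positions and the number of rounds are constructed here.
"""
import random
from typing import Dict, List, Sequence, Tuple

Point = Tuple[int, int]
Layout = Dict[str, Point]


def cross(o: Point, a: Point, b: Point) -> int:
    """Z-component of (a - o) x (b - o); positive when o->a->b turns left."""
    return (a[0] - o[0]) * (b[1] - o[1]) - (a[1] - o[1]) * (b[0] - o[0])


def convex_hull(points: Sequence[Point]) -> List[Point]:
    """Andrew's monotone chain; returns hull vertices in counter-clockwise order.

    Collinear points are dropped, so a degenerate (line or point) secret
    yields fewer than three vertices.
    """
    pts = sorted(set(points))
    if len(pts) <= 2:
        return pts
    lower: List[Point] = []
    for p in pts:
        while len(lower) >= 2 and cross(lower[-2], lower[-1], p) <= 0:
            lower.pop()
        lower.append(p)
    upper: List[Point] = []
    for p in reversed(pts):
        while len(upper) >= 2 and cross(upper[-2], upper[-1], p) <= 0:
            upper.pop()
        upper.append(p)
    return lower[:-1] + upper[:-1]


def inside_hull(hull: Sequence[Point], p: Point) -> bool:
    """True if p lies inside or on the boundary of a CCW convex polygon.

    A hull with fewer than three vertices has no interior, so nothing passes.
    """
    if len(hull) < 3:
        return False
    n = len(hull)
    return all(cross(hull[i], hull[(i + 1) % n], p) >= 0 for i in range(n))


def round_accepts(layout: Layout, secret: Sequence[str], clicked: str) -> bool:
    """One challenge round: the clicked icon must be inside the hull of the
    user's pass icons as they are placed in this round's layout."""
    hull = convex_hull([layout[name] for name in secret])
    return inside_hull(hull, layout[clicked])


def random_layout(names: Sequence[str], secret: Sequence[str],
                  rng: random.Random, grid: int = 10) -> Layout:
    """Place every icon on a distinct cell of a grid x grid screen (constructed).

    Re-rolls when the pass icons come out collinear, because such a layout
    would have no interior and the legitimate user could never answer.
    """
    while True:
        cells = rng.sample(range(grid * grid), len(names))
        layout = {n: (c % grid, c // grid) for n, c in zip(names, cells)}
        if len(convex_hull([layout[s] for s in secret])) >= 3:
            return layout


def authenticate(layouts: Sequence[Layout], secret: Sequence[str],
                 clicks: Sequence[str]) -> bool:
    """Accept only if every round was answered and every answer is inside the hull."""
    if len(layouts) != len(clicks):
        return False
    return all(round_accepts(lay, secret, c) for lay, c in zip(layouts, clicks))


# Constructed sample screen: six icons on a 10x10 grid.
SAMPLE_LAYOUT: Layout = {
    "anchor": (1, 1), "bell": (9, 1), "cat": (5, 9),
    "dog": (5, 4), "eagle": (0, 9), "fish": (8, 8),
}
SAMPLE_SECRET = ("anchor", "bell", "cat")   # the user's pass icons (constructed)

if __name__ == "__main__":
    # "dog" sits inside the anchor/bell/cat triangle; "eagle" and "fish" do not.
    for icon in ("dog", "eagle", "fish", "anchor"):
        print(icon, round_accepts(SAMPLE_LAYOUT, SAMPLE_SECRET, icon))
    rng = random.Random(1234)
    rounds = [random_layout(list(SAMPLE_LAYOUT), SAMPLE_SECRET, rng) for _ in range(3)]
    print("hull sizes:", [len(convex_hull([r[s] for s in SAMPLE_SECRET])) for r in rounds])
```

The check is deliberately geometric rather than a lookup of the secret icons themselves: an observer sees only which icon was clicked, and that icon differs from round to round and need not be one of the pass icons, which is the property the scheme relies on against shoulder surfing. The collinear re-roll handles the one failure mode where the hull has no interior and a legitimate user would be locked out.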
Yet another approach to counter shoulder surfing is to avoid relying completely on a shared secret (i.e., a knowledge-based scheme or “what you know” scheme). In addition, a behavior component (“what you are”) is used to supplement the shared secret. One way to achieve this is by using biometric technology. In a biometric authentication system, a personal trait is used to verify (or help verify) a user. To increase the level of security, biometrics can be combined with any other authentication scheme to obtain multi-factor authentication. Biometric traits that have been studied for authentication include physiological ones such as retina, iris, fingerprint, face, vein and palm, and behavioral ones such as dynamic signatures, voice, keystroke, and gait. However, using such biometric traits may have drawbacks. More specifically, some require special hardware, some are not robust to external environment changes, some are prone to high error rates and some need long training sessions. Also, physiological traits are intrusive from a privacy point of view and they may be impossible to change. For example, a user may be uncomfortable giving an iris scan to Amazon.com because once they do, they cannot change it.
Multi-touch user authentication is also described in U.S. Patent Application Publication No. 2010-0225443 (referred to as “the '443 publication” and incorporated herein by reference). Some example authentication methods described in the '443 publication involve multi-touch gestures. Such techniques could be improved if a reliable and efficient method for maintaining a set of ordered fingertip touches is used.
Given the increasing prevalence of devices including multi-touch technology, it would be useful to provide a new user authentication system that does not have the limitations of text passwords and Pattern Lock-like mechanisms as described above. Further, if a multi-touch authentication system is to be used, such a multi-touch authentication system should ideally be secure (e.g., providing sufficiently large entropy, being less susceptible to shoulder surfing, etc.), yet enjoyable (or at least easy to use) for the end user. It would be useful if such a multi-touch authentication system captured biometric traits (e.g., derived from hand geometry and/or hand movement) of the user. Finally, if a multi-touch authentication system is to be used, it would be useful to use a reliable and efficient method for maintaining a set of ordered fingertip touches.